Results of a lengthy real-world malware protection study are published here.

Sometimes gadgets are great fun and security isn’t a critical concern, but when price tags on military technology are upwards of several million dollars, it’s always a surprise to read about potential errors in design. Apparently, video feed communications are made … Continue reading →

It seems that the news on Chrome OS release have left no one neutral; some observers are beating the drums of its imminent failure and premature death, by relying on rather oversimplified concepts of cloud computing and insinuating about the … Continue reading →

A routine laptop clean-up revealed a few month old video of unpacking the Limbo trojan dropper. Before it gets deleted, posting it here just in case some folks might find it useful [link to video]. PS The sample was received … Continue reading →

The Koobface gang and their inability to spell is a giveaway for the latest of their trick pages. If you end up at a page that states “This content requires Adobe Flash Player 10.37. Would you want to install it … Continue reading →

Dennis Yu provides an experienced insider’s perspective on ad networks’ social networking monetization process. Fascinating details of major players within the ad networks and their practices. It’s amazing how difficult it can be to make money in a legitimate way … Continue reading →

The cybercriminal gangs developing and distributing Zbot have been highly active recently, as seen here and here, so let’s dig into the code again. On a day to day basis, malware researchers locate a sample of interest, which can seem … Continue reading →

While the sentence of the Pinch Trojan authors is about to expire within the following few months, the code of their Trojan is still being morphed by others into other nasty forms. Apart from its known ability to gather system … Continue reading →

Unfortunately, a lot of people didn’t realize that the email and attachment we posted yesterday was not really from “The Facebook Team”. ThreatFire users were protected from the Bredolab downloader and its Zbot payload, and it’s a good thing too. … Continue reading →

Another cybercriminal group is abusing the face of Facebook in another malware spam blast, fooling users to install banking password stealing malware and adware on their systems. The message of the email claims to arrive from “The Facebook Team”, but … Continue reading →

Yesterday’s release of Windows 7 brings with it a different playground for malware. If reviewer predictions are realized, the platform will overtake Windows XP as the Windows OS of choice in high volume. Which provides a whole new platform of … Continue reading →

The relentless rogueware distribution groups that we’ve been monitoring have changed their gig yet again, in their efforts to evade the typical AV solutions. And by the numbers this month, it seems that they are having a successful go at … Continue reading →

ThreatFire protected systems have been preventing Urlzone (also known as Bebloh), which has been flying under the radar of most AV vendors, for most of the year. The family is long in the wild and a pernicious one, so why … Continue reading →

Yesterday’s AMTSO conference brought with it formal announcements of Board positions, new tools for the AMTSO to offer testers (be sure to join the group!) and potential new efforts. There were some Board updates due to terms expiring, and discussion … Continue reading →

Cybercriminals are implementing techniques in their banking password stealers to further cover their tracks. Not that they were having an extremely difficult time with this already, as pointed out by Guillaume Lovet’s Virus Bulletin paper on fighting cybercrime. But the … Continue reading →

In Wisconsin, they’ve got a great smelt fry on Lake Michigan. In Louisiana, you can find great crayfish boils. But in Los Angeles, the Fbi announced a very different fry — another major international cyberfaud takedown they named Operation Phish … Continue reading →

Thousands of users fell for a Hotmail/Windows Live “likely phishing scheme” over the weekend. User account access is being blocked, and instructions to reclaim accounts are provided after a form is filled out on the site. Limited set of details … Continue reading →

At Virus Bulletin, we presented on some of the nastiest families of 2009, and zbot was one of them. Early Sunday morning was the first that the ThreatFire community started seeing a newer variant of the banking password stealing family … Continue reading →

This year’s annual Virus Bulletin 2009 is being held in Geneva, Switzerland. The presentations are very interesting with topics covering Waledac, Koobface, botnets, and other malware families ThreatFire is most effectively protecting users against every day. PC Tools’ Kurt Baumgartner … Continue reading →

Zeus/Zbot is an annoying threat. Its persistence is explained with a fact that it’s generated by a large army of attackers who use Zeus builder. Those attackers who are high in the food chain pay thousands of dollars for the … Continue reading →

It seemed strange when the steady stream of changing, but similar, Mebroot (also known as Sinowal) executables dried up in late July. But alas, the mbr infecting family seems to have simply run out of flour and wheat for their … Continue reading →

We may be seeing the stirrings of yet another Waledac distribution. Servers at 95.211.8.215 and 95.211.8.161 have been serving up a number of unusually named files since the 20th that appear to maintain not only the common Waledac unpacking stub, … Continue reading →